Cyber Attacks On Activists Traced To Gamma Group's FinFisher Spyware

← Back to Stories (view on slashdot.org)

Cyber Attacks On Activists Traced To Gamma Group's FinFisher Spyware

Posted by Soulskill on Wednesday July 25, 2012 @09:23AM from the congrats-the-internet-hates-you-now dept.

Sherloqq sends this quote from a Bloomberg report: "FinFisher, a spyware sold by U.K.- based Gamma Group, can secretly take remote control of a computer, copying files, intercepting Skype calls and logging every keystroke. For the past year, human rights advocates and virus hunters have scrutinized FinFisher, seeking to uncover potential abuses. They got a glimpse of its reach when a FinFisher sales pitch to Egyptian state security was uncovered after that country's February 2011 revolution. In December, anti-secrecy website WikiLeaks published Gamma promotional videos showing how police could plant FinFisher on a target's computer. ... Researchers believe they’ve identified copies of FinFisher, based on an examination of malicious software e-mailed to Bahraini activists, they say. ... The findings illustrate how the largely unregulated trade in offensive hacking tools is transforming surveillance, making it more intrusive as it reaches across borders and peers into peoples’ digital devices. From anywhere on the globe, the software can penetrate the most private spaces, turning on computer web cameras and reading documents as they are being typed."

54 comments

Min score:

Reason:

Sort:

First Post by Anonymous Coward · 2012-07-25 09:24 · Score: 1

Posted by FinFisher
Malware by Anonymous Coward · 2012-07-25 09:29 · Score: 1

can secretly take remote control of a computer...
So this isn't "pen testing", it's traspassing with full-on malware, right?
Does it require user interaction, or does it use remote exploits and known vulnerabilities?
Criminal? by Anonymous Coward · 2012-07-25 09:32 · Score: 0

So, when is this 'Gamma Group' going to be dismantled, incarcerated, and shut down permanently?
1. Re:Criminal? by pseudofengshui · 2012-07-25 09:36 · Score: 3, Funny
  
  That depends on how many pirated MP3s come bundled with FinFisher.
  
  --
  [Text goes here]
2. Re:Criminal? by Trepidity · 2012-07-25 09:37 · Score: 2
  
  Since Egypt was considered a UK ally, it wasn't on any lists of countries where it's prohibited to sell this kind of stuff, so unfortunately it was probably still legal. Unless someone finds them having sold stuff to North Korea or Syria or something.
  
  --
  10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Gamma Group - For All Your Fascist E-Needs by ohnocitizen · 2012-07-25 09:34 · Score: 3, Insightful

Want to trample activists? Stop dangerous ideologies like Democracy in its tracks? Trust Gamma Group as much as you don't trust your citizens. "We'll help you spy on your people(tm)".

If ever there was a company aching for a PR disaster...
1. Re:Gamma Group - For All Your Fascist E-Needs by Anonymous Coward · 2012-07-25 09:40 · Score: 2, Interesting
  
  i dont think a company that sells spyware to government entities is worried about their public image...
2. Re:Gamma Group - For All Your Fascist E-Needs by ackthpt · 2012-07-25 09:48 · Score: 3
  
  i dont think a company that sells spyware to government entities is worried about their public image...
  Actually, they prefer to be completely opaque .. to the point people are unaware they exist. It is the glare from the spotlight of attention they squirm under.
  Nothing to see here, nothing at all, we're just a bunch of chickens, nothing special .. why don't you go see what Rebecca and Andy are up to?
  
  --
  
  A feeling of having made the same mistake before: Deja Foobar
3. Re:Gamma Group - For All Your Fascist E-Needs by CanHasDIY · 2012-07-25 09:50 · Score: 1
  
  If ever there was a company aching for a PR disaster...
  You say that as if modern governments give a shit what their people think.
  
  Protip: They don't. Why should they? If the last 30 years have taught us anything, it's the fact that if someone in government wants to commit an act that is currently criminal, they just make an exception for themselves.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
4. Re:Gamma Group - For All Your Fascist E-Needs by s.petry · 2012-07-25 11:30 · Score: 1
  
  While I don't disagree with your sentiment, I do say that there is more we can do as people to resolve these issues. Educate people around you, and wake people up is the first step. After that, you can actually have enough mass to make changes. Complacency is not going to resolve the problems (obviously).
  Of course this is an extension of your thoughts. The sentiment alone hints at being defeated, perhaps that was not your opinion.
  
  --
  -The wise argue that there are few absolutes, the fool argues that there are no probabilities.
5. Re:Gamma Group - For All Your Fascist E-Needs by Anonymous Coward · 2012-07-25 17:34 · Score: 0, Flamebait
  
  Want to trample activists? Stop dangerous ideologies like Democracy in its tracks? Trust Gamma Group as much as you don't trust your citizens. "We'll help you spy on your people(tm)".
  If ever there was a company aching for a PR disaster...
  There are plenty of free software out there that does the same job, and you guys don't get all worked up about shit like Back Orrifice. This "news" is just some emails showing up with a new flavor of eavesdropping software attached.
  Tell me you were _honestly_ concerned about the prospect of "bad people" using these old hat tools.
6. Re:Gamma Group - For All Your Fascist E-Needs by Yvanhoe · 2012-07-25 23:54 · Score: 1
  
  For all the rest, there is SSL, Tor and GPG. Use them if you are a political activist or a journalist talking to them. It is important. There has been a recent clash in France between Telecomix and AFP when an interview was published, explaining that the journalist has interviewed an opponent through skype.
  
  --
  The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
7. Re:Gamma Group - For All Your Fascist E-Needs by CanHasDIY · 2012-07-26 01:40 · Score: 1
  
  Not being defeatist, just pointing out the obvious.
  
  Educating people, as you said.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
8. Re:Gamma Group - For All Your Fascist E-Needs by Anonymous Coward · 2012-07-26 02:33 · Score: 0
  
  How exactly would Tor, SSL, or GPG prevent a keylogger and arbitrary code execution exploits from working?
9. Re:Gamma Group - For All Your Fascist E-Needs by Yvanhoe · 2012-07-26 06:37 · Score: 1
  
  How exactly would NASA solve the malaria pandemic ?
  
  --
  The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Moving to other platforms? by mlts · 2012-07-25 09:44 · Score: 4, Interesting

With all the malware tools becoming available for Windows and Mac, perhaps Linux, I wonder if this will encourage people to move to lesser known platforms that would function just as well.
Moving to a non-mainstream CPU and OS would stop most malware in its tracks. Making sure that cross-platform items like Java are either not run, or are run in a chrooted, jailed space, perhaps as a different user, might also be the par for the course.
Hmm... time to see where I put the old Indy and see if Chromium or Firefox would port to IRIX without some substantial effort or rewriting... Barring that, there are always some old POWER5 boxes on eBay with graphical consoles, as well as SPARC boxes.
Maybe it is time to go back to the days of Solaris for being on the Internet.
1. Re:Moving to other platforms? by Anonymous Coward · 2012-07-25 09:53 · Score: 0
  
  i like the cut of your jib good sir
2. Re:Moving to other platforms? by Anonymous Coward · 2012-07-25 10:09 · Score: 4, Informative
  
  If you look at these videos there is at least one video which suggests this requires a bit of stupidity on the users part.
  It assumes Microsoft Windows / Mac
  1. Insertion of payload to EXE / DMG download (semi assumed although this is this would be feasible and thus I'm sure how they are doing it)
  2. Instant message to blackberry user with link to trojan (spam)
  3. They show USB keys being physically inserted (I'd assume this is a non-locked down system and the trojan is opened through autorun, but that doesn't even work in Vista/7, which means user interaction, which if you are physically at the computer this would be easy to hit ok, if there are no screen saver passwords)
  Platform based solutions:
  1. Don't enable downloading of executable content (limit programs to trusted, vetted, and verifiable sources like repositories)
  2. Don't enable downloads of executable content
  3. Don't leave the system unattended, ever, and boot from removable media, the system should also be kept secure from adversaries and checked for physical hardware devices that could intercept key strokes
  Some other things:
  4. Disable scripting (libre office macros, adobe flash, PDF reader, browsers, etc)
  5. Use publicly verifiable encryption software (this excludes truecrypt as the source code is not easily vetted even though it's available, a public CVS is needed)
  6. NOT SKYPE! Anything but Skype. I mean. Really. Are you stupid? There are some alternative options. GPG email / instant messaging is probably ideal with limited protocols (personal jabber server, NOT GTalk, MSN, AIM, etc).
  7. Don't leave the data unencrypted and don't utilise third party systems (at least not repeatedly- you can easily attack a user by simply monitoring them and then infecting the systems they use even if in Internet cafes, how many Internet cafes do you have in your area? chance are you end up using one of a dozen at the most, all easily infected)
3. Re:Moving to other platforms? by Anonymous Coward · 2012-07-25 10:31 · Score: 0
  
  You will be disappointed with either the performance or the electricity bill.
  BTW do you remember the "one exploit a week for Irix" series on bugtraq?
  Sure, a malware might not be able to penetrate an Irix box, but any script kiddie could.
  The only reasonable-looking alternative would be to get a (or two) handful of some not-too-mainstream processors (those mipsen used in wifi routers come to mind), and build your own smp box with linux. Iff you can soldier a some-hundred ball package.
4. Re:Moving to other platforms? by jonfr · 2012-07-25 10:51 · Score: 1
  
  Secure boot would be re-writable cd-rom or dvd. But with the swamp and data on the hard drive. It allows for two things. Secure boot and no loss of data. It would also be smart to move away from Linux to FreeBSD, NetBSD, OpenBSD or something of that nature. As Linux is well known today and has possibility of exploits.
5. Re:Moving to other platforms? by budgenator · 2012-07-25 11:48 · Score: 1
  
  Your assuming that Chromium or Firefox is as secure as most of us hope; Lynx should be pretty secure.
  
  --
  Apocalypse Cancelled, Sorry, No Ticket Refunds
6. Re:Moving to other platforms? by Anonymous Coward · 2012-07-25 14:20 · Score: 0
  
  Ages ago before Linux and Free/Net/OpenBSD, there were a lot of UNIX variants for x86. Dell had a UNIX from the SVR4 kernel, QNX was in the market. At the time, the most popular BSD with source was Mt. Xinu and BSD386 (not 386BSD from Jolitz.)
  I wonder if QNX is still being maintained as a full OS product and not just the realtime kernel. If not, a BSD is probably the best balance between a modern OS versus being obscure enough to foil the blackhats.
7. Re:Moving to other platforms? by aaaaaaargh! · 2012-07-25 20:31 · Score: 1
  
  Companies like Gamma Group are selling this software at exorbitant prices under defense contracts. They offer to infect about any (non-hardened, non-military) system and any telefone in existence, and for the money they get they can easily hold that promise.
  So, no, switching to a lesser known system will not help much. Perhaps it will make a few people curse and delay the whole spying attempt for a few months, but not much more.
All the more reason ... by ackthpt · 2012-07-25 09:46 · Score: 1

To leave Win world as soon as possible.

--

A feeling of having made the same mistake before: Deja Foobar
1. Re:All the more reason ... by Lunix+Nutcase · 2012-07-25 09:48 · Score: 1
  
  Because malware can't be written for OS X or Linux?
2. Re:All the more reason ... by Anonymous Coward · 2012-07-25 10:04 · Score: 1
  
  They'd generally have to get the malware into the Linux repos, which isn't totally impossible, but it is a rather large barrier. It reduces the malware footprint of the Linux ecosystem to a tiny fraction of what it might be otherwise.
  Generally you're pretty safe if you:
  (1) Don't follow the "run all scripts from anybody!" idiots
  (2) Only install software from trusted repos.
  Sure, someone could break in and physically install it on your machine, but that's not going to be happening to the vast majority. You pretty much have to have an outstanding criminal investigation against you or something before that will happen in most countries.
  So yeah, Linux does protect you for the most part. So would BSD. Of course, this being /., someone will utterly miss the point by observing that this isn't 100% proof against malware, only 99.999%, and should therefore be considered useless, because as we all know, there is only black and white, and 99.999% white is therefore the same as black.
Want to defeat FinFisher? by Gordonjcp · 2012-07-25 09:46 · Score: 1

Install Linux. Better yet, install Arch Linux, because all the packaged libraries will be way too new for it to have a hope in hell of ever working.
Re:Fags and spics by Baloroth · 2012-07-25 09:48 · Score: 2

In most countries, software itself is not illegal unless it is used illegally in that country (I believe Japan is one exception, there may be others was well). Monitoring your own computer using "malware" is perfectly legal. That means the government cannot legally do anything, and generally you wouldn't want them to either: or do you trust governments to have the restraint not to call Linux "hacking" software?

--
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
Re:Fags and spics by Lunix+Nutcase · 2012-07-25 09:55 · Score: 1, Flamebait

What the hell does your blabbering have to do with anything? This isn't about people running software they choose. It is abut a UK comany exporting malware to what was a dictatorial regime to spy on political dissidents.
I don't know who I'm more afraid of by cultiv8 · 2012-07-25 09:56 · Score: 3, Insightful

what the NSA is doing or unbridled capitalism.

--
sysadmins and parents of newborns get the same amount of sleep.
Linux client? by Anonymous Coward · 2012-07-25 10:04 · Score: 0

Let me know when this thing runs on linux...
Government Sales by hoggoth · 2012-07-25 10:06 · Score: 2

"The statement addressed the documents found in Cairo, which priced the system at 388,604 euros ($470,000), including maintenance. "
Gotta love selling to governments. Spector-Pro eBlaster costs about $100 and does the same thing.

--
- For the complete works of Shakespeare: cat /dev/random (may take some time)
Software company sells software by houghi · 2012-07-25 10:07 · Score: 2

What is the news in this? Remember: Guns don't kill people, people do. Software does not spy on people, people do.
I think nobody here is impressed that you can control a device in another country, as the majority here will be aware what the Intertubes are. The times of people wondering how you opened the CD tray on a remote machine are well passed us.
I would rather see how they do it to be not found out by anti-virus programs and what we can do now to detect if we (well, those who might be at risk) are infected or not.

--
Don't fight for your country, if your country does not fight for you.
1. Re:Software company sells software by John+Hasler · 2012-07-25 10:41 · Score: 1
  
  I would rather see how they do it to be not found out by anti-virus programs and what we can do now to detect if we (well, those who might be at risk) are infected or not.
  Well, once it is properly "regulated" as the article suggests is necessary the antivirus vendors will be prohibited from warning users about licensed spyware as it will only be used in authorized police investigations.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
2. Re:Software company sells software by Anonymous Coward · 2012-07-25 11:27 · Score: 0
  
  What makes you think that "anti-virus" software will work against government sponsored mal-ware? Or to ask another question, are you so foolish you don't think the government requires backdoors in many major pieces of software? Skype... for instance. Which government, and which software is probably mainly a regional thing. But we already know that network equipment coming out of certain asian countries comes pre-compromised AND includes 'secret' back doors.
  
  You are more than welcome to operate under the principle that YOUR government would never do that. However, MY government has been KNOWN to be doing that for a long time now. So has China's, Iran's and I'm sure dozens of others. If you didn't roll the crypto, it's not safe. Period.
Who on earth by Dainsanefh · 2012-07-25 10:09 · Score: 1

don't know how to put an electrical tape over their webcam already? Remove it only when you use it!

--
Twitter: @dainsanefh
Question for the security pros by HangingChad · 2012-07-25 10:11 · Score: 1

Does the FinFisher software work across all platforms? Windows, Mac and Linux?
Whenever I hear about spyware like FinFisher, I have what is perhaps a false sense of security that it's really talking about Windows.

--
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
and yet the Joker was undetected by Dainsanefh · 2012-07-25 10:11 · Score: 0

Wait... I know why. His military spending was funded by federal grant!
http://www.dailypaul.com/246022/joker-hit-jackpot-26k-federal-grant

--
Twitter: @dainsanefh
"...unregulated trade..." by John+Hasler · 2012-07-25 10:29 · Score: 2

Oooh. People doing things without permission. Oooh. This must be stopped! Only the Authorities should have access to this sort of thing (because you know we can trust them).

From anywhere on the globe, the software can penetrate the most private spaces, turning on computer web cameras and reading documents as they are being typed.
If it is installed on your computer.

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
1. Re:"...unregulated trade..." by s.petry · 2012-07-25 11:42 · Score: 1
  
  Oooh. People doing things without permission. Oooh. This must be stopped! Only the Authorities should have access to this sort of thing (because you know we can trust them).
  
  From anywhere on the globe, the software can penetrate the most private spaces, turning on computer web cameras and reading documents as they are being typed.
  If it is installed on your computer.
  It was "the Authories" that had access and used it to spy on citizens, read TFA.
  To your second point, do you really believe that they have no way of brute forcing a hunk of Spyware on to any Windows PC? I think you missed the articles last month where MS key stores were not the only thing at issue with Flame and Stuxnet, it was that the Government had agents working inside MS. A dollar says they have more than 1 "oh shit" back door on any MS PC, if not something permanently installed that they can do the same thing at the flip of a switch.
  
  --
  -The wise argue that there are few absolutes, the fool argues that there are no probabilities.
2. Re:"...unregulated trade..." by John+Hasler · 2012-07-25 12:21 · Score: 1
  
  It was "the Authories" that had access and used it to spy on citizens...
  No shit. And do you really think that the UK authorities would have denied the company a license to sell the software to the Egyption authorities? Remember, they were our allies in the War On Terror.
  
  To your second point...
  Which is that this is just another bit of malware, different from the usual kind only in that it is "legit", commercial, and very expensive.
  
  ...do you really believe that they have no way of brute forcing a hunk of Spyware on to any Windows PC?
  It's Windows. "Brute force" may be too strong a term. Maybe "gentle push"?
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
3. Re:"...unregulated trade..." by s.petry · 2012-07-25 17:26 · Score: 1
  
  The sarcasm in your post was obviously.. not obvious. Seems like we are thinking at least very similar.
  
  --
  -The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Re:Fags and spics by John+Hasler · 2012-07-25 10:31 · Score: 2

"Blind eye"? Who the hell do you think are the customers for this sort of stuff?

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Re:Fags and spics by John+Hasler · 2012-07-25 10:34 · Score: 3, Insightful

It is abut a UK comany exporting malware to what was a dictatorial regime to spy on political dissidents.
Right. Export controls: that's the ticket. It worked so well for encryption software and inconvenienced no one.

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
What about the microphones? by knorthern+knight · 2012-07-25 10:36 · Score: 1

What about laptop built-in microphones that come bundled with the cameras?

--

I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
1. Re:What about the microphones? by John+Hasler · 2012-07-25 12:22 · Score: 1
  
  What about laptop built-in microphones that come bundled with the cameras?
  They'll enable that feature for an extra $80,000.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Re:Fags and spics by Anonymous Coward · 2012-07-25 10:53 · Score: 0

Dictatorial regimes that are the supposed enemies of the western world.
Who do ya wanna blame ? by Taco+Cowboy · 2012-07-25 13:24 · Score: 2

The piece from Bloomberg is one of the lousiest journalism there is
Putting blame on U.K.'s Gamma Group ain't gonna make the world better
And those activists --- if they are real ACTIVE-ists, --- they would know that activism using only their mouths to blame Gamma Group ain't gonna bring in any change
I was an activist myself in younger days, and we didn't do 'activism by mouth' - we did it with everything - even by fighting fire with fire
If those that we oppose use technology, such as cyber-spying and wire-tapping, we employed the same in launching our counter-strikes (Yes, some of those counter-strikes were illegal)
All I can see, from TFA, is that those "activists" are nothing but lamers and blamers

--
Muchas Gracias, Señor Edward Snowden !
Carrier IQ by Anonymous Coward · 2012-07-25 15:40 · Score: 0

They should have said it was for 'Quality Control', then denied it can personally identify anyone, then admit that it can, but doesn't snoop on keys, then admit it can snoop on keys but only by accident. Then whine that their legitimate business is being attacked by mad people who don't want to be spied on. (HTC's profits and market share have plummetted BTW, serves them right for installing it).
Really you make a tool to be used, guns DO kill people, even their owners by accident sometimes. If this tool can be used by anyone then how is it different from any other rootkit?
I often wonder why Microsoft doesn't sue these security companies that backdoor its products into the ground. Then I read that they won't confirm Skype doesn't have a backdoor and suddenly it all becomes clear. Pot Kettle Black.
And the solution is by Anonymous Coward · 2012-07-25 22:11 · Score: 0

And the solution is - is to stop using Microsoft Windows ..

"FinFisher, a spyware sold by U.K.- based Gamma Group, can secretly take remote control of a computer, copying files, intercepting Skype calls and logging every keystroke .. From anywhere on the globe, the software can penetrate the most private spaces, turning on computer web cameras and reading documents as they are being typed".